Four Nepal Government Websites Hacked with Critical Information dumped by malicious actors

September 22, 2018

The Nepal Public Service Commission (PSC) website and three other Nepal government websites have been compromised. The PSC website is hosted by the Ministry of Communication and Information Technology, Government of Nepal, at IP address 202.45.144.31.

The malicious actors have dumped thousands of pieces of critical information on the PSC website by exploiting a loophole in the file upload functionality of FCKeditor, known as the FCKeditor arbitrary file upload vulnerability.

FCKeditor contains functionality to handle file uploads and file management. Through this vulnerability, a remote attacker could gain unauthorized access to upload malicious executable files to the system, leading to privilege escalation, remote code execution (RCE) and other attacks.
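The server-side check that an arbitrary file upload flaw lacks can be sketched as follows. This is an added example, not FCKeditor's code or code from the affected sites; the function name `safe_upload_name`, the image-only allowlist and the sample inputs are assumptions chosen for illustration.

```python
import secrets

# Assumed policy: only these image types are accepted, each with the
# leading "magic" bytes a genuine file of that type starts with.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def safe_upload_name(client_name: str, content: bytes) -> str:
    """Validate an upload and return a server-chosen storage name."""
    if "\x00" in client_name:
        raise UploadRejected("NUL byte in file name")
    # Drop any directory part sent by the client (both separator styles).
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Leading/trailing dots and spaces can hide or change the real type
    # (dotfiles, names some filesystems silently trim).
    if not base or base != base.strip(" ."):
        raise UploadRejected("malformed file name")
    parts = base.lower().split(".")
    # Exactly one extension: refuses names that stack an executable
    # extension in front of an allowed one.
    if len(parts) != 2 or not parts[0]:
        raise UploadRejected("exactly one extension required")
    ext = parts[1]
    if ext not in ALLOWED:
        raise UploadRejected("extension not on allowlist")
    # The content must actually look like the claimed type.
    if not content.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Never reuse the client's name on disk; keep only the vetted extension.
    return f"{secrets.token_hex(16)}.{ext}"
```

Files accepted this way should still be stored in a directory the web server will not execute scripts from, since name and content checks alone do not remove that risk.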